diff options
Diffstat (limited to 'usr/src')
| -rw-r--r-- | usr/src/uts/common/io/mac/mac_protect.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/usr/src/uts/common/io/mac/mac_protect.c b/usr/src/uts/common/io/mac/mac_protect.c index cd7fcb9a5d..4438cb90fb 100644 --- a/usr/src/uts/common/io/mac/mac_protect.c +++ b/usr/src/uts/common/io/mac/mac_protect.c @@ -21,7 +21,7 @@ /* * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright (c) 2014, Joyent, Inc. All rights reserved. + * Copyright (c) 2015, Joyent, Inc. All rights reserved. */ /* * Copyright 2014 Nexenta Systems, Inc. All rights reserved. @@ -1233,9 +1233,16 @@ intercept_dhcpv6_outbound(mac_client_impl_t *mcip, ip6_t *ip6h, uchar_t *end) if (allowed_ips_set(mrp, IPV6_VERSION)) return (B_FALSE); + /* + * We want to act on packets that result in DHCPv6 Reply messages, or + * on packets that give up an IPv6 address. For example, a Request or + * Solicit (w/ the Rapid Commit option) will cause the server to send a + * Reply, ending the transaction. + */ mtype = dh6->d6m_msg_type; - if (mtype != DHCPV6_MSG_REQUEST && mtype != DHCPV6_MSG_RENEW && - mtype != DHCPV6_MSG_REBIND && mtype != DHCPV6_MSG_RELEASE) + if (mtype != DHCPV6_MSG_SOLICIT && mtype != DHCPV6_MSG_REQUEST && + mtype != DHCPV6_MSG_RENEW && mtype != DHCPV6_MSG_REBIND && + mtype != DHCPV6_MSG_RELEASE) return (B_TRUE); if ((cid = create_dhcpv6_cid(dh6, end)) == NULL) |